Project

General

Profile

Actions
Copy link

Bug #35359

closed

Make the Http Proxy store a CA certifcate

Added by Partha Aji over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Partha Aji
Category:
Proxy gateway
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
2112098
Pull request:
https://github.com/theforeman/foreman/pull/9348, https://github.com/theforeman/foreman/pull/9355
Fixed in Releases:
3.5.0
Found in Releases:
Red Hat JIRA:

Description

When talking over an https proxy, 2 certificates have to be addressed
  1. CA Cert of the Proxy
  2. CA Cert of the destination URL (assuming its https).

Currently to HTTP Proxies require both these certificates to be in systems default trust store to connect to EC2/Other compute providers.

A better approach would be to store the CA Cert of the https proxy in the database instead of the trust store. When talking to EC2 we can narrow down the certificates in the chain to the one from proxy + certificates in the system trust store.

Actions
Copy link
 #1

Updated by The Foreman Bot over 1 year ago

  • Status changed from New to Ready For Testing
  • Assignee set to Partha Aji
  • Pull request https://github.com/theforeman/foreman/pull/9348 added
Actions
Copy link
 #2

Updated by The Foreman Bot over 1 year ago

  • Fixed in Releases 3.5.0 added
Actions
Copy link
 #3

Updated by Partha Aji over 1 year ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link
 #4

Updated by The Foreman Bot over 1 year ago

  • Pull request https://github.com/theforeman/foreman/pull/9355 added
Actions
Copy link
 #5

Updated by Partha Aji over 1 year ago

  • Bugzilla link set to 2112098
Actions
Copy link
 #6

Updated by Ewoud Kohl van Wijngaarden over 1 year ago

  • Triaged changed from No to Yes
Actions
Copy link

Also available in: Atom PDF